Bug #59105 pecl gnupg causes Apache to segfault
Submitted: 2010-03-09 22:22 UTC Modified: 2013-10-15 11:54 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: info at online-praesenz-beratung dot de Assigned: jimjag (profile)
Status: No Feedback Package: gnupg (PECL)
PHP Version: 5.3.1 OS: Debian sid
Private report: No CVE-ID: None

 [2010-03-09 22:22 UTC] info at online-praesenz-beratung dot de
On Debian sid with PHP 5.3.1-5 and Apache 2.2.15, pecl gnupg causes the Apache child that executes the script to segfault. 

I recompiled pecl gnupg for PHP 5.3.1-5 on Debian sid, and after this, I got segfaults in the Apache log when trying to encrypt an e-mail:

[Wed Mar 10 03:45:02 2010] [notice] child pid **** exit signal Segmentation fault (11)

The execution of PHP was stopped and the PHP file was offered for download instead of being executed.

After deactivating gnupg, PHP worked properly again.

Reproduce code:
$encnachricht = gnupg_encrypt($res,$nachricht);

Expected result:
I would expect my e-mail to be encrypted

Actual result:
[Wed Mar 10 03:45:02 2010] [notice] child pid **** exit signal Segmentation fault (11)


 [2010-04-20 09:12 UTC] BenBE at geshi dot org
I'm using the OOP-style wrapper class of this PECL extension, but basically get the same crash. The GDB backtrace looks like this:

0xb6181f34 in gpgme_set_armor () from /usr/lib/
(gdb) bt
#0  0xb6181f34 in gpgme_set_armor () from /usr/lib/
#1  0xb61990a3 in gnupg_res_init (intern=0x1) at /tmp/pear/temp/gnupg/gnupg.c:140
#2  0xb6199f06 in gnupg_obj_new (class_type=0x88a9928) at /tmp/pear/temp/gnupg/gnupg.c:187
#3  0x082f9464 in _object_and_properties_init (arg=0x8903a78, class_type=0x88a9928, properties=0x0)
    at /tmp/buildd/php5-5.3.2/Zend/zend_API.c:1087
#4  0x082f957c in _object_init_ex (arg=0x8903a78, class_type=0x88a9928) at /tmp/buildd/php5-5.3.2/Zend/zend_API.c:1095
#5  0x0831e41e in ZEND_NEW_SPEC_HANDLER (execute_data=0x88a9928) at /tmp/buildd/php5-5.3.2/Zend/zend_vm_execute.h:473
#6  0x08317b93 in ZEND_USER_OPCODE_SPEC_HANDLER (execute_data=0x89287a8) at /tmp/buildd/php5-5.3.2/Zend/zend_vm_execute.h:703
#7  0x08318b9e in execute (op_array=0x8a51878) at /tmp/buildd/php5-5.3.2/Zend/zend_vm_execute.h:104
#8  0xb75c9765 in xdebug_execute (op_array=0x8a51878)
    at /build/buildd-xdebug_2.0.5-1+b1-i386-VWnNbE/xdebug-2.0.5/build-php5/xdebug.c:1562
#9  0xb5e720b4 in ?? () from /usr/lib/php5/20090626+lfs/
#10 0x08341b26 in zend_do_fcall_common_helper_SPEC (execute_data=0x0) at /tmp/buildd/php5-5.3.2/Zend/zend_vm_execute.h:337
#11 0x08318b9e in execute (op_array=0x88f4f28) at /tmp/buildd/php5-5.3.2/Zend/zend_vm_execute.h:104
#12 0xb75c9765 in xdebug_execute (op_array=0x88f4f28)
    at /build/buildd-xdebug_2.0.5-1+b1-i386-VWnNbE/xdebug-2.0.5/build-php5/xdebug.c:1562
#13 0xb5e720b4 in ?? () from /usr/lib/php5/20090626+lfs/
#14 0x082eed06 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /tmp/buildd/php5-5.3.2/Zend/zend.c:1266
#15 0x08293414 in php_execute_script (primary_file=0xbffff76c) at /tmp/buildd/php5-5.3.2/main/main.c:2288
#16 0x08384a9c in main (argc=2, argv=0xbffff864) at /tmp/buildd/php5-5.3.2/sapi/cli/php_cli.c:1196

The ctx given to gpgme_set_armor is non-NULL, but no check to ensure gpgme_new actually returns a valid context is made.
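Added illustration, not part of the comment above and not code from gnupg.c or gpgme: a small C model of why a non-NULL context proves nothing when the constructor reports failure through its return code. `demo_ctx_new`, `demo_set_armor` and `safe_res_init` are hypothetical stand-ins for the `gpgme_new` / `gpgme_set_armor` / `gnupg_res_init` call shape, and the model assumes the constructor leaves its out-parameter untouched on failure.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-ins modelling an out-parameter constructor. */
typedef struct demo_ctx { int armor; } demo_ctx;
enum { DEMO_OK = 0, DEMO_ERR_INIT = 1, DEMO_ERR_ARG = 2 };

static int demo_backend_ready = 0;  /* constructed switch: 0 forces failure */

/* Assumption of this model: on failure *out is NOT written. */
static int demo_ctx_new(demo_ctx **out)
{
    demo_ctx *c;
    if (out == NULL) return DEMO_ERR_ARG;
    if (!demo_backend_ready) return DEMO_ERR_INIT;
    c = calloc(1, sizeof *c);
    if (c == NULL) return DEMO_ERR_INIT;
    *out = c;
    return DEMO_OK;
}

static void demo_set_armor(demo_ctx *c, int yes) { c->armor = yes; }

/* Returns 1 when a failed constructor leaves the caller's old pointer value
   in place, i.e. a bare "ctx != NULL" test would wrongly pass. */
int stale_pointer_survives_failure(void)
{
    static demo_ctx sentinel;
    demo_ctx *ctx = &sentinel;      /* stands in for a leftover value */
    int err = demo_ctx_new(&ctx);
    return err != DEMO_OK && ctx == &sentinel;
}

/* Hardened init: start from NULL, trust only the error code, and never
   touch the context or hand it to the caller unless creation succeeded. */
int safe_res_init(demo_ctx **res)
{
    demo_ctx *ctx = NULL;
    int err = demo_ctx_new(&ctx);
    if (err != DEMO_OK) { *res = NULL; return err; }
    demo_set_armor(ctx, 1);
    *res = ctx;
    return DEMO_OK;
}

int main(void)
{
    demo_ctx *res = NULL;
    int err = safe_res_init(&res);  /* backend not ready: must fail cleanly */
    return (err == DEMO_ERR_INIT && res == NULL) ? 0 : 1;
}
```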
 [2013-07-17 13:00 UTC]
-Status: Open +Status: Feedback
 [2013-07-17 13:00 UTC]
Addressed in trunk (1.3.4-dev)... please check
 [2013-07-17 13:01 UTC]
-Assigned To: +Assigned To: jimjag
 [2013-10-15 11:54 UTC] pecl-dev at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.